Domain 5: Governance, Risk, and Compliance (14%) Flashcards

1
Q

5.3 Personnel

Least Privilege

A

Users are only given the lowest level of access needed to perform their
job functions

§ Does everyone in the company need to know employee salary data?

2
Q

5.3 Personnel

Separation of duties

A

Requires more than one person to conduct a sensitive task or operation

§ Separation of duties can be implemented by a single user with a user and
admin account

3
Q

5.3 Personnel

Job rotation

A

Occurs when users are cycled through various jobs to learn the overall
operations better, reduce their boredom, enhance their skill level, and
most importantly, increase our security

§ Job rotation helps the employee become more well-rounded and learn
new skills

§ Job rotation also helps the organization identify theft, fraud, and abuse of
position

4
Q

5.4 Risk Management Strategies

Risk Avoidance

A

A strategy that requires stopping the activity that has risk or
choosing a less risky alternative

5
Q

5.4 Risk Management Strategies

Risk Transfer

A

A strategy that passes the risk to a third party

6
Q

5.4 Risk Management Strategies

Risk Mitigation

A

A strategy that seeks to minimize the risk to an acceptable level

7
Q

5.4 Risk Management Strategies

Risk Acceptance

A

A strategy that seeks to accept the current level of risk and the
costs associated with it if the risk were realized

8
Q

5.4 Risk Analysis

Residual Risk

A

The risk remaining after trying to avoid, transfer, or mitigate the
risk

9
Q

5.4 Risk Analysis

Qualitative risk assessment

A

Qualitative analysis uses intuition, experience, and other methods to assign a
relative value to risk

o Experience is critical in qualitative analysis

10
Q

5.4 Risk Analysis

Quantitative risk assessment

A

Quantitative analysis uses numerical and monetary values to calculate risk

o Quantitative analysis can calculate a direct cost for each risk

o Magnitude of Impact

ALE (Annual Loss Expectancy) = SLE (Single Loss Expectancy = AV x EF) x ARO (Annual Rate of Occurrence)

11
Q

Users are only given the lowest level of access needed to perform their
job functions

§ Does everyone in the company need to know employee salary data?

A

5.3 Personnel

Least Privilege

12
Q

Requires more than one person to conduct a sensitive task or operation

§ Separation of duties can be implemented by a single user with a user and
admin account

A

5.3 Personnel

Separation of duties

13
Q

Occurs when users are cycled through various jobs to learn the overall
operations better, reduce their boredom, enhance their skill level, and
most importantly, increase our security

§ Job rotation helps the employee become more well-rounded and learn
new skills

§ Job rotation also helps the organization identify theft, fraud, and abuse of
position

A

5.3 Personnel

Job rotation

14
Q

A strategy that requires stopping the activity that has risk or
choosing a less risky alternative

A

5.4 Risk Management Strategies

Risk Avoidance

15
Q

A strategy that passes the risk to a third party

A

5.4 Risk Management Strategies

Risk Transfer

16
Q

A strategy that seeks to minimize the risk to an acceptable level

A

5.4 Risk Management Strategies

Risk Mitigation

17
Q

A strategy that seeks to accept the current level of risk and the
costs associated with it if the risk were realized

A

5.4 Risk Management Strategies

Risk Acceptance

18
Q

The risk remaining after trying to avoid, transfer, or mitigate the
risk

A

5.4 Risk Analysis

Residual Risk

19
Q

Qualitative analysis uses intuition, experience, and other methods to assign a
relative value to risk

o Experience is critical in qualitative analysis

A

5.4 Risk Analysis

Qualitative risk assessment

20
Q

Quantitative analysis uses numerical and monetary values to calculate risk

o Quantitative analysis can calculate a direct cost for each risk

o Magnitude of Impact

ALE (Annual Loss Expectancy) = SLE (Single Loss Expectancy = AV x EF) x ARO (Annual Rate of Occurrence)

A

5.4 Risk Analysis

Quantitative risk assessment

21
Q

The individual elements, objects, or parts of a system that would cause
the whole system to fail if they were to fail

A

5.4 Business Impact Analysis

Single point of failure

22
Q

Personal data cannot be collected, processed, or retained without the
individual’s informed consent

§ also provides the right for a user to withdraw consent, to inspect,
amend, or erase data held about them

§ requires data breach notification within 72 hours

A

5.2 Regulations, Standards, and Legislation

General Data Protection Regulation (GDPR)

23
Q

Defines the rules that restrict how a computer, network, or other systems
may be used

A

5.3 Personnel

Acceptable Use Policy (AUP)

24
Q

Defines the structured way of changing the state of a computer system,
network, or IT procedure

A

5.3 Organizational Policies

Change management

25
Q

Different users are trained to perform the tasks of the same position to
help prevent and identify fraud that could occur if only one employee
had the job

A

5.3 Personnel

Job Rotation

26
Q

Dictates what type of things need to be done when an employee is hired,
fired, or quits

§ Terminated employees are often not cooperative

A

5.3 Personnel

Onboarding and Offboarding

27
Q

Agreement between two parties that defines what data is considered
confidential and cannot be shared outside of the relationship

§ are a binding contract

A

5.3 Third-party risk management

Non-Disclosure Agreement (NDA)

28
Q

A non-binding agreement between two or more organizations to detail
an intended common line of action

§ can be between multiple organizations

A

5.3 Third-party risk management

Memorandum of Understanding (MOU)

29
Q

An agreement concerned with the ability to support and respond to
problems within a given timeframe and continuing to provide the agreed
upon level of service to the user

§ may promise 99.999% uptime

A

5.3 Third-party risk management

Service-Level Agreement (SLA)

30
Q

Conducted between two business partners that establishes the
conditions of their relationship

§ can also include security requirements

A

5.3 Third-party risk management

Business Partnership Agreement (BPA)